
Utilize SAN extension matching during SSL/TLS peer verification #482

Merged
merged 2 commits into from
Oct 9, 2013

Conversation

rdlowrey
Contributor

@rdlowrey rdlowrey commented Oct 8, 2013

Even when specifying appropriate CN_match context settings it's not always possible to correctly verify peers
using the existing PHP encryption wrappers. Consider a scenario in which we connect to a party whose
certificate utilizes the Subject Alternative Name (SAN) X.509 extension. A real-world example is
github.com whose common name (CN) is github.com but whose certificate lists SAN entries of both
github.com and github.com. An RFC 2818-compliant implementation will verify either name as correct:

If a subjectAltName extension of type dNSName is present, that MUST be used as the identity.

At this time PHP's encryption wrappers do not verify peer names against a cert's SAN list. As a result
the peer verification routine fails when attempting to verify the provided certificate with a CN_match field equal to "github.com".

Note that this patch has no BC implications and should be safe to merge with 5.4 and 5.5 branches.
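The RFC 2818 rule the description quotes, carried through as an added example in Python (not code from php-src or from this pull request): when a certificate carries dNSName entries in its subjectAltName extension, those entries are the peer's identity and the common name is not consulted; the CN is only a fallback for certificates with no dNSName entries. The example also contrasts the SAN-aware rule with a CN-only check, which is the failure mode described above. Certificates are represented in the dict layout Python's `ssl.SSLSocket.getpeercert()` returns; all certificate values below are constructed samples, and the conservative wildcard handling (a single `*` as the whole left-most label) is a design choice of this example rather than something the PR specifies.

```python
"""RFC 2818-style peer-name matching: SAN dNSName entries first, CN only as a fallback.

Added illustration for the verification rule the pull request describes; it is not
code from php-src or from this PR. Certificates are represented in the dict layout
that Python's ssl.SSLSocket.getpeercert() returns, and every certificate below is a
constructed sample, not a real certificate.
"""


def _dns_name_matches(pattern, hostname):
    """Compare one dNSName (or CN) pattern with a hostname, case-insensitively.

    Wildcard handling is deliberately conservative (an assumption of this example):
    '*' is accepted only as the entire left-most label and must be followed by at
    least two more labels, so '*.example.com' matches 'foo.example.com' but not
    'bar.foo.example.com' or 'example.com', and '*.com' matches nothing.
    """
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    p_labels = pattern.split(".")
    h_labels = hostname.split(".")
    if p_labels[0] != "*" or "*" in pattern[2:] or len(p_labels) < 3:
        return False
    return len(p_labels) == len(h_labels) and p_labels[1:] == h_labels[1:]


def get_identities(cert):
    """Return (names, from_san).

    Per RFC 2818 section 3.1, if the certificate carries dNSName entries in its
    subjectAltName extension those MUST be used as the identity and the CN is
    ignored; the CN is consulted only when no dNSName entries exist.
    """
    san_names = [value for (kind, value) in cert.get("subjectAltName", ()) if kind == "DNS"]
    if san_names:
        return san_names, True
    cns = [value for rdn in cert.get("subject", ()) for (key, value) in rdn if key == "commonName"]
    return cns, False


def match_hostname(cert, hostname):
    """True if hostname is a valid identity for cert under the SAN-first rule."""
    names, _ = get_identities(cert)
    return any(_dns_name_matches(name, hostname) for name in names)


def cn_only_match(cert, hostname):
    """The pre-patch behaviour the PR describes: look at the CN and nothing else."""
    cns = [value for rdn in cert.get("subject", ()) for (key, value) in rdn if key == "commonName"]
    return any(_dns_name_matches(cn, hostname) for cn in cns)


# Constructed sample certificates (example.com names, not real certificates).
SAN_CERT = {
    "subject": ((("commonName", "example.com"),),),
    "subjectAltName": (("DNS", "example.com"), ("DNS", "www.example.com")),
}
CN_ONLY_CERT = {
    "subject": ((("commonName", "legacy.example.com"),),),
}
SAN_WITHOUT_CN_CERT = {
    "subject": ((("commonName", "cn.example.com"),),),
    "subjectAltName": (("DNS", "alt.example.com"),),
}
WILDCARD_CERT = {
    "subject": ((("commonName", "*.example.com"),),),
    "subjectAltName": (("DNS", "*.example.com"),),
}


if __name__ == "__main__":
    # The case from the PR: the expected peer name appears only in the SAN list.
    print("CN-only,   www.example.com:", cn_only_match(SAN_CERT, "www.example.com"))   # False
    print("SAN-aware, www.example.com:", match_hostname(SAN_CERT, "www.example.com"))  # True
    # A CN that is not repeated in a present SAN list is not an identity at all.
    print("SAN present, CN-only name :", match_hostname(SAN_WITHOUT_CN_CERT, "cn.example.com"))  # False
```

The third case is the one worth remembering when reviewing a verifier: once a SAN list with dNSName entries is present, a name that appears only in the CN must be rejected, so a patch that merely adds SAN matching on top of an existing CN check is still not RFC 2818-compliant.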

@rdlowrey
Contributor Author

rdlowrey commented Oct 9, 2013

@m6w6 Ping. I've applied the suggested zend_bool changes. Let me know if you see anything else that should be modified prior to merging.
